IN THE CLAIMS 

1 1 . [currently amended] A method (400, 500, 600, 700) for synchronizing state 

2 information in a security gateway cluster, said security gateway cluster comprising at 

3 least two nodes, said method comprising the step of: 

4 - storing state information in a first node and in at least a second node of 

5 said at least two nodes in said security gateway cluster: 

6 - upon occurrence of a predetermined irregularly occurring action. 

7 synchronizing (403) s aid state information in said security gateway cluster by 

8 sending state information from a- said f irst node to at least said second node of 

9 said at least two nodes, 

1 0 charact e r i z e d i n that i t compr i s e s th e steps of: 

1 1 - detecting (401) in said security gateway cluster a predetermined 

1 2 irregularly occurring action, and 

1 3 - initiating 44Q2± said step of synchronization of state information as a 

1 4 response to said predetermined irregularly occurring action 7 

1 5 and i n that i n sa i d st e p of synchroniz i ng state i nformat i on, state i nformation i s 

1 6 s e nt to at l east a second node of sa i d at le ast two nod e s. 

1 2. [currently amended] A method according to claim 1 , character i zed i n that 

2 wherein said predetermined action is modification of state information (602) stored in said 

3 first node. 

1 3. [currently amended] A method according to claim 2 , charact e r i z e d i n that 

2 wherein in the- said_step of synchronizing state information, only ajnodified part of said 

3 the- state information stored in said first node is sent. 

1 4. [currently amended] A method according to claim 3 , char a ct e r i zed i n that 

2 wherein the modified part of the state information is sent from said first node to all other 

3 nodes of said security gateway cluster. 

1 5. [currently amended] A method according to claim 4 , charact e r i zed i n that 

2 wherein the modified part of the state information relates to a certain protocol, 
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3 authentication information, virtual private network parameters or intrusion detection 

4 system. 

1 6. [currently amended] A method according to claim 1 , charact e r i z e d i n that 

2 wherein in the step of synchronizing state information, all state information stored in said 

3 first node is sent. 

1 7. [currently amended] A method -(§OQ)-according to claim 1 , ch a ract e riz e d i n 

2 that wherein it further comprises the step of: 

3 - periodically synchronizing (501, 403) state information from said first node to at least a 

4 second node. 

1 8. [currently amened] A method (600) according to claim 1 , characteriz e d i n that 

2 ft further comprising compr i ses the step of: 

3 - defining (601) for each node belonging to said security gateway cluster 

4 a node-specific backup group comprising at least one node-specific backup node, 

5 and in that when a node initiates synchronizing of state information, state 

6 information is sent (605) at least to nodes belonging to a respective node-specific 

7 backup group. 

1 9. [currently amended] A method according to claim 8, c haract orizod i n that 

2 wherein 

3 - state information stored in said first node comprises common state 

4 information and node-specific state information, 

5 - modification of common state information initiates synchronization (604) 

6 of common state information to all other nodes of said security gateway cluster, 

7 and 

8 - modification of node-specific state information initiates synchronization 

9 (605) of node-specific state information to nodes belonging to backup group of 
1 0 said first node. 

1 10. [currently amended] A method according to claim 9 , charact e r i zed in that 

2 wherein said predetermined irregularly occurring action affects number of nodes in said 
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3 security gateway cluster and i n that said method further comprising compr i coc the step 

4 . of: 

5 - redefining (703) f or at least one node belonging to said security gateway 

6 cluster a backup group comprising at least one backup node. 

1 11. [currently amended] A method (700) according to claim 1 , character i z e d i n 

2 that wherein said predetermined irregularly occurring action is said first node failing 

3 (701) to continue normal operation. 

1 12. [currently amended] A method according to claim 1 , charact e r i z e d i n that 

2 wherein said predetermined irregularly occurring action is said second node requesting 

3 (704) for state information. 

1 13. [currently amended] A method according to claim 1 , charactor i zod in that 

2 wherein said predetermined irregularly occurring action is said first node initiating a 

3 transition to offline state. 

1 14. [currently amended] A method according to claim 1 , character i z e d in that 

2 wherein said predetermined irregularly occurring action is handling of data packets 

3 relating to a communication session in at least two nodes, one of them being said first 

4 node, and in that said synchronization of state information is performed between at least 

5 said at least two nodes. 

1 15. [currently amended] A method {80Q)- according to claim 1 , charactor i zod i n 

2 that wherein said predetermined irregularly occurring action is a receipt (801) of a data 

3 packet in said first node of said security gateway cluster, said data packet relating to a 

4 command to open a new connection via said security gateway cluster. 

1 16. [currently amended] A method according to claim 15 , charactor i zod in that i t 

2 further comprising compr ises the step of: 

3 - delaying (803) sending of said data packet from said first node until said 

4 synchronization of state information is performed. 
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1 17. [currently amended] A method according to claim 1 , character i z e d i n that i t 

2 furth e r compr i coo further comprising the step of: 

3 - delaying sending of a plurality of data packets from said first node until said 

4 synchronization of state information is performed. 

1 18. [currently amended] A comput e r program compr i s i ng program codo for 

2 p e rform i ng a ll the steps of C l a i m 1 when sa i d program i s run on a comput e r. A method 

3 according to claim 1 wherein said irregularly occurring action is the failure of a node, and 

4 wherein said step of storing state information in said first node comprises storing both 

5 common state information and node-specific state information in said first node, and 

6 further comprising the steps of: 

7 - defining one or more backup nodes for said first node in a security gateway 

8 cluster: 

9 - upon detection of failure of said first node, initiating state information 

1 0 synchronization and synchronizing said common state information with all other 

1 1 nodes in said security gateway cluster and synchronizing node-specific state 

1 2 information of said first node with said one or more backup nodes for said first 

1 3 node. 

1 19. [currently] A comput e r program product compr i s i ng program cod e m e ans 

2 stor e d on a comput e r r e adab le m e d i um for p e rform i ng th e m e thod of C l a i m 1 wh e n sa i d 

3 program product i s run on a comput e r. A computer-readable medium having stored 

4 thereon computer-readable instructions, which when executed by a computer control 

5 said computer to perform the following process: 

6 - storing state information in a first node and in at least a second node of 

7 said at least two nodes in said security gateway cluster: 

8 - detecting said security gateway cluster a predetermined irregularly 

9 occurring action, and 
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1 0 - initiating said step of synchronization of state information as a response 

1 1 to said predetermined irregularly occurring action . 

1 2 - synchi onizinasaid state information in said security gateway cluster by 

1 3 sending state information from said first node to at least said second node of said 

1 4 at least two nodes. 

1 20. [currently amended] A first softwar e e ntity (910) for a node (900) in a 

2 security gateway cluster, said first node first softwar e e nt i ty c omprising: 

3 a processor programmed with the following software components: 

4 - program code means (911) for processing data packets, 

5 - program code means for storing state information of said node, 

6 aad- 

7 - program code means (914) for synchronizing said state information with 

8 at least a second -fifst-software entity in- controlling operations of a processor in a 

9 secnd on e oth e r node of said security gateway cluster, 

1 0 ch a ract e r i z e d i n that s a i d first software ent i ty further compr i s e s 

1 1 - program code means {&4-§>- for receiving from said second software 

1 2 entity instructions to initiate synchronizing said state information, 

1 3 and wherein 4fl-that- said program code means 4&44f for synchronizing said state 

1 4 information are arranged to initiate synchronization as a response to receipt of 

1 5 instructions to initiate synchronization. 
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1 21 . [currently amended] A first node softwar e e nt i ty according to claim 20, -Gha- 

2 ract e r i z e d i n that it- further comprising: compr ises 

3 - program code means {046)- for causing a data packet to be delayed until 

4 an initiated state information synchronization is complete. 

1 22. [currently amended] A first node s oftware e nt i ty according to claim 21 , -sba- 

2 ract e r i zed i n that wherein said program code means (916) for causing a data packet to 

3 be delayed are arranged to delay said data packet until state information is transferred 

4 from said first node to said second node . 

1 23. [currently amended] A first node softwar e e nt i ty a ccording to claim 21 , ch a- 

2 ract e r i z e d i n that wherein said program code means {944)- for causing a data packet to 

3 be delayed are arranged to inform said the- second software entity when an initiated 

4 state information synchronization is complete. 

1 24. [currently amended] A first node softwar e e nt i ty a ccording to claim 20, «ha» 

2 ract e r i z e d i n that i t further comprising: compr i s e s 

3 - program code means (913) for receiving instructions to modify said state 

4 information from a second software entity residing in a same node as said first 

5 software entity. 

1 25. [currently amended] A second softwar e e nt i ty (920) for a node in a security 
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2 gateway cluster, said second node s oftwar e e nt i ty comprising: 

3 a processor programmed with the following software components: 

4 - program code means for monitoring data packets relating to certain 

5 communication protocol connections, 

6 charact e r i z e d i n that i t furth e r compr ise s 

7 - program code means 4823)- for delivering to a first node in said security 

8 gateway cluster s oftwar e ent i ty instructions to initiate synchronizing said state 

9 information between said first and second nodes . 

1 26. [currently amended] A second node s oftwar e e nt i ty according to claim 25, 

2 charact e r i z e d i n that i t further comprising: compr i s e s 

3 - program code means (924) for causing a data packet to be delayed until 

4 an initiated state information synchronization is complete. 

1 27. [currently amended] A second node s oftwar e e nt i ty according to claim 26, 

2 char a ct e r i z e d i n that wherein said program code means (824) for causing a data 

3 packet to be delayed are arranged to inform said the- first node s oftwar e e nt i ty to delay a 

4 data packet. 

1 28. [currently amended] A second node softwar e e nt i ty according to claim 26, 

2 charact e r i z e d i n that wherein said program code means (924) for causing a data 

3 packet to be delayed are arranged to be informed by said the- first node s oftwar e ent i ty, 
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4 when an initiated state information synchronization is complete, and subsequently trigger 

5 delivery of said data packet to said the- first node softwar e e nt i ty . 

1 29. [currently amended] A second node softwar e e nt i ty according to claim 25, 

2 charact e r i zed i n that i t further comprising: compr ises 

3 - program code means (922) for delivering to said first node a first 

4 softwar e ent i ty instructions to modify state information comprising information 

5 about connections. 
6 

7 30. [currently amended] A node 4900)- of a security gateway cluster comprising 

8 - means ^©34f for storing state information of said node, and 

9 - means (932) fo r, upon ocurrence of an irregularly occurring action. 

1 0 synchronizing said state information with at least one other node of said security 

1 1 gateway cluster, 

1 2 ch a ract e r i z e d i n that i t furth e r compr i s e s 

1 3 - means {933)- for detecting a predetermined irregularly occurring action, 

1 4 and 

1 5 - means {©34f for initiating synchronization of said state information as a 

1 6 response to said irregularly occurring action. 



1 31. [currently amended] A security gateway cluster (950)- having a plurality of 

2 nodes ( 9 00a, 900b), at least one node comprising 
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3 - means {834| for storing state information of said node, and 

4 - means , upon occurrence of an irregularly occurring action.4 8324- for 

5 synchronizing said state information with at least one other node of said security 

6 gateway cluster, 

7 ch a ract e r i z e d i n that sa i d at le ast on e nod e furth e r compr i s e s 

8 - means 4833)- for detecting a predetermined irregularly occurring action, 

9 and 

1 0 - means 4834)- for initiating synchronization of said state information as a 

1 1 response to said action. 

1 32. [currently amended] A security gateway cluster (95©)- according to claim 31 , 

2 ch a ract e r i z e d i n that i t further comprising: compr ises 

3 - means (854)- for defining for said at least one node a node-specific 

4 backup group by selecting at least one node-specific backup node, 

5 and in-tbat- wherein said means ^©32)- for synchronizing said state 

6 information with at least one other node of the security gateway cluster are 

7 arranged to synchronize said state information from said at least one node to 

8 respective node-specific backup group. 
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